author | sangwan.kwon <sangwan.kwon@samsung.com> | 2016-07-29 15:41:26 +0900 |
---|---|---|
committer | sangwan.kwon <sangwan.kwon@samsung.com> | 2016-08-01 13:42:07 +0900 |
commit | f732baaeb6fc2e9872696cb381b90b8c523d0c53 (patch) | |
tree | f60b7f7af36fd3892dfbbb9e5934ea6ca4b4cc71 /src/xmltree.c | |
parent | 0f64042b733dfc42709af8a38d21679060c239af (diff) | |
Replace vulnerable function to thread safety
* rand() -> rand_r()
* strcpy() -> strncpy()
* sprintf() -> snprintf()
* strerror() -> strerror_r()
Change-Id: Ib6d91ac0f5c75a54b3be5546ba281c53b1844828
Signed-off-by: sangwan.kwon <sangwan.kwon@samsung.com>
Diffstat (limited to 'src/xmltree.c')
-rw-r--r-- | src/xmltree.c | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/src/xmltree.c b/src/xmltree.c
index 7084f696..a675cbc9 100644
--- a/src/xmltree.c
+++ b/src/xmltree.c
@@ -13,6 +13,7 @@
 #include <stdlib.h>
 #include <string.h>
 #include <ctype.h>
+#include <time.h>
 #include <errno.h>
 #include <libxml/tree.h>
@@ -793,8 +794,9 @@ xmlSecGenerateID(const xmlChar* prefix, xmlSecSize len) {
 xmlSecAssert2(xmlSecBufferGetSize(&buffer) == binLen, NULL);
 /* create random bytes */
+ unsigned int seed = time(NULL);
 for(i = 0; i < binLen; i++) {
- (xmlSecBufferGetData(&buffer)) [i] = (xmlSecByte) (256.0 * rand() / (RAND_MAX + 1.0));
+ (xmlSecBufferGetData(&buffer)) [i] = (xmlSecByte) (256.0 * rand_r(&seed) / (RAND_MAX + 1.0));
 }
 /* base64 encode random bytes */ |
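Review bot: Reseeding `rand_r` from `time(NULL)` on every call to xmlSecGenerateID makes the generated bytes a pure function of the current second, so two calls in the same second with the same `prefix` and `len` return the same ID, and the value can be reproduced by anyone who knows roughly when it was generated. The removed `rand()` call was not reentrant, but its state at least advanced between calls, so this is a regression for uniqueness. Keep the seed in per-thread state that is initialised once, e.g. `static __thread unsigned int seed;` with `if(seed == 0) { seed = (unsigned int)time(NULL); }` where the toolchain supports it; if these IDs are expected to be unpredictable, fill the buffer from the crypto backend's random source instead, since `rand_r` is not a cryptographic generator. The new declaration also follows statements and converts `time_t` implicitly; the function body starts and ends outside the hunk, so where it belongs among the existing declarations is not visible here.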